[VIM] tellmatic 1.0.7 Multiple Remote File Inclusion Vulnerabilities
George A. Theall
theall at tenablesecurity.com
Mon Dec 3 14:59:11 UTC 2007
FWIW, the issues covered by Milw0rm 4684 are valid, but when you install
tellmatic, a .htaccess file is created in include/; e.g.:

    AuthType Basic
    AuthName "Tellmatic"
    AuthUserFile /var/www/htdocs/tellmatic/include/.htpasswd
    require valid-user

So exploitation not only requires register_globals to be enabled, but
also probably won't be successful when installed on Apache.
George
--
theall at tenablesecurity.com
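
A defender can verify on a given install the two conditions the message names: the Basic-auth .htaccess in include/ and the register_globals setting. The following is an added example, not part of the original post and not tellmatic's own code; the function names, the constructed directory tree and the php.ini text passed in as a string are assumptions.

```python
import re
import tempfile
from pathlib import Path

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            directives[name.lower()] = args.strip().strip('"')
    return directives

def register_globals_enabled(php_ini_text):
    """True if php.ini turns register_globals on (PHP's default is Off)."""
    m = re.search(r"^\s*register_globals\s*=\s*(\w+)", php_ini_text, re.I | re.M)
    return bool(m) and m.group(1).lower() in ("on", "1", "true", "yes")

def audit(include_dir, php_ini_text):
    """Return findings; an empty list means both conditions from the post hold."""
    findings = []
    htaccess = Path(include_dir) / ".htaccess"
    d = parse_htaccess(htaccess.read_text()) if htaccess.is_file() else {}
    if not d:
        findings.append("no .htaccess directives in include/")
    else:
        if d.get("authtype", "").lower() != "basic":
            findings.append("AuthType Basic not set")
        if d.get("require", "").lower() != "valid-user":
            findings.append("'require valid-user' not set")
        pw = Path(d.get("authuserfile", ""))
        if not (pw.is_file() and pw.stat().st_size > 0):
            findings.append("AuthUserFile missing or empty")
    if register_globals_enabled(php_ini_text):
        findings.append("register_globals is enabled")
    return findings

def demo():
    """Constructed install tree: first as the installer leaves it, then weakened."""
    with tempfile.TemporaryDirectory() as root:
        inc = Path(root) / "include"
        inc.mkdir()
        (inc / ".htpasswd").write_text("admin:constructed-hash\n")
        (inc / ".htaccess").write_text(
            'AuthType Basic\nAuthName "Tellmatic"\n'
            f"AuthUserFile {inc / '.htpasswd'}\nrequire valid-user\n")
        good = audit(inc, "register_globals = Off\n")
        (inc / ".htaccess").unlink()
        bad = audit(inc, "register_globals = On\n")
    return good, bad
```

The audit reads files only; it does not confirm that Apache honours the .htaccess, which requires an AllowOverride setting that permits AuthConfig for that directory. Web servers that do not read .htaccess files get no protection from it.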